aces · driusan · Mar 13, 2024 · Feb 27, 2024 · Feb 27, 2024 · Feb 27, 2024
diff --git a/modules/user_accounts/php/user_accounts.class.inc b/modules/user_accounts/php/user_accounts.class.inc
@@ -77,9 +77,17 @@ class User_Accounts extends \DataFrameworkMenu
             'Y' => 'Yes',
             'N' => 'No',
         ];
+        // Get user
+        $factory = \NDB_Factory::singleton();
+        $user    = $factory->user();
+
+        // Without user_acounts_multisite permission, only show user sites
+        $sites = $user->hasPermission('user_accounts_multisite') ?
+            \Utility::getSiteList(false)
+            : $user->getSiteNamesList();
 
         return [
-            'sites'            => \Utility::getSiteList(false),
+            'sites'            => $sites,
             'projects'         => \Utility::getProjectList(),
             'actives'          => $yesNoOptions,
             'pendingApprovals' => $yesNoOptions,

diff --git a/modules/user_accounts/php/useraccountrowprovisioner.class.inc b/modules/user_accounts/php/useraccountrowprovisioner.class.inc
@@ -17,6 +17,18 @@ class UserAccountRowProvisioner extends \LORIS\Data\Provisioners\DBRowProvisione
      */
     function __construct()
     {
+        // Get user
+        $factory = \NDB_Factory::singleton();
+        $user    = $factory->user();
+        if (!$user->hasPermission('user_accounts_multisite')) {
+            $siteLimitQuery = "LEFT JOIN user_psc_rel upsr2
+                ON (upsr2.CenterID=upsr.CenterID)
+                WHERE upsr2.UserID=:uid";
+            $params         = ['uid' => $user->getId()];
+        } else {
+            $siteLimitQuery = '';
+            $params         = [];
+        }
         parent::__construct(
             "SELECT GROUP_CONCAT(DISTINCT upsr.CenterID) as centerIds,
                     GROUP_CONCAT(DISTINCT uprr.ProjectID) as projectIds,
@@ -29,9 +41,10 @@ class UserAccountRowProvisioner extends \LORIS\Data\Provisioners\DBRowProvisione
              FROM users u
              LEFT JOIN user_psc_rel upsr ON (upsr.UserID=u.ID)
              LEFT JOIN user_project_rel uprr ON (uprr.UserID=u.ID)
+             $siteLimitQuery
              GROUP BY u.ID
              ORDER BY u.UserID",
-            []
+            $params
         );
     }
 

diff --git a/modules/user_accounts/test/TestPlan.md b/modules/user_accounts/test/TestPlan.md
@@ -41,8 +41,8 @@ When creating or editing a user: (subtest: edit_user)
 13. Check that if generating a new password for a user an email is sent to that user containing the new password (requires
     email server).
 14. Check that when editing a user account it is not possible to set the password to its actual value (i.e. it needs to change). [Automated]
-15. Verify that if the editor does not have permission 'Across all sites add and edit users' then the site drop-down list is populated with
-    the editor's associated sites, otherwise all sites are displayed.
+15. Verify that if the editor does not have permission 'User Accounts: View/Create/Edit User Accounts - All Sites' then the multi-select 
+    site field in both edit user page and the filters for the data table are populated with the editor's associated sites, otherwise all sites are displayed.
 16. Check that if the 'Additional user information' entry is set to false in the Configuration module, fields Degree,
     Academic Position, Institution, Department, Street Address, City, State/Province, Country and FAX are not shown.
 17. Check that the 'Examiner At:' and 'Examiner Status' sections are available only if you have the 'Across all sites add and certify examiners'.

diff --git a/modules/user_accounts/test/user_accountsTest.php b/modules/user_accounts/test/user_accountsTest.php
@@ -60,6 +60,12 @@ public function setUp(): void
     {
         parent::setUp();
         $password = new \Password($this->validPassword);
+
+        $permID = $this->DB->pselectOne(
+            "SELECT permID FROM permissions WHERE code='user_accounts_multisite'",
+            []
+        );
+
         $this->DB->insert(
             "users",
             [
@@ -93,6 +99,15 @@ public function setUp(): void
                 'ProjectID' => 1,
             ]
         );
+
+        $this->DB->insert(
+            "user_perm_rel",
+            [
+                'userID' => 999995,
+                'permID' => $permID,
+            ]
+        );
+
     }
 
     /**
@@ -506,6 +521,7 @@ function tearDown(): void
         $this->DB->delete("user_psc_rel", ["UserID" => 999995]);
         $this->DB->delete("user_project_rel", ["UserID" => 999995]);
         $this->DB->delete("users", ["UserID" => 'UnitTesterTwo']);
+        $this->DB->delete("user_perm_rel", ["userID" => 999995]);
         parent::tearDown();
     }
 }

diff --git a/php/libraries/User.class.inc b/php/libraries/User.class.inc
@@ -351,6 +351,37 @@ class User extends UserPermissions implements
         return $site_list;
     }
 
+    /**
+     * Returns all user's sites
+     *
+     * @return array
+     */
+    function getSites(): array
+    {
+        return array_map(
+            function ($centerID) {
+                return \Site::singleton($centerID);
+            },
+            $this->getCenterIDs()
+        );
+    }
+
+    /**
+     * Returns all user's sites in associative
+     * array (CenterID => CenterName)
+     *
+     * @return array
+     */
+    function getSiteNamesList(): array
+    {
+        $sites = [];
+        foreach ($this->getSites() as $site) {
+            $sites[$site->getCenterID()->__toString()] = $site->getCenterName();
+        }
+        return $sites;
+    }
+
+
     /**
      * Returns all user's sites that are StudySites
      *